Is SSO software the best choice for your company’s limited funds? It all depends on your goals and the quality of your IT processes. SSO (single sign-on) software has the potential to make life easier for your employees. It also improves security because you can enforce stronger security requirements.
How to Use This Article
Read each set of questions and assess your capacity and need to move ahead. If you have alignment in at least two categories, move ahead with the process. If SSO software is not a good fit, there are other ways to improve security, such as reducing the password reset burden on your help desk by using Password Management.
Part 1: Assess Your Company’s Strategy
Let’s start at the top of the house with the overall strategy. In this case, let’s say you run a technology company in San Francisco. It is a high cost and highly competitive industry. If you want to thrive, you need to attract great talent and keep your data safe.
- What is your talent strategy? This includes recruiting and developing your staff. For the best results, it also comprises equipping your team with tools like SSO to enable their productivity. If staff cannot easily access the tools they need at work, they are more likely to become disgruntled.
- What are the security threats in your industry? In the software industry, a single hacking incident can take down your business. That is why there is a strong business case to invest heavily in your cybersecurity.
- What are your industry’s risk management goals? If you run a fin-tech company or work with the government, you will be asked tough questions about the quality of your security processes.
- What are your growth plans? Companies that plan to grow rapidly tend to face problems because their systems and processes fail to keep up. Don’t let that happen to you.
To keep talent and reduce risk, implement SSO software. It is one of the rare situations where you can improve productivity and security at the same time. However, does it fit with your IT strategy?
Part 2: Review Your IT Strategy
Your technology strategy influences whether or not SSO software is a smart choice. In our view, SSO software will soon become an industry standard. The question then becomes whether you want to adopt now or act as an industry laggard.
- What is your IT project mix (innovation vs. maintenance)? At a simple level, you can classify IT projects into support — keeping servers running — and innovation. As a rule, we suggest keeping at least 20% of your project budget set aside for innovation. That includes process improvement efforts like implementing SSO.
- What IT skills do your staff have? If you have a robust cybersecurity unit, seeing the value in adding SSO software will be easier.
- How do other business leaders view IT? Your ability to win funding for SSO depends partly on your credibility with other IT leaders. If you have low credibility, that will hurt your ability to generate results in your business.
- Growth in services and applications. Each application and software as a service (SaaS) your company uses needs to be assessed and controlled from a security standpoint.
- Digital transformation. According to consulting firm McKinsey, “on average 35% of companies’ revenues worldwide are digitized.” If that is your situation, then your IT strategy needs to be revised so you can catch up unless you want Amazon, Google, and the rest to eat your lunch next.
Now that you understand your company’s overall goals and IT strategy, let’s take a closer look at your current state of password management and related issues.
Part 3: What Is Your Current State of Access Governance?
Single sign-on (SSO) software is a way to improve your access governance. To understand your current situation, look closely at the following four areas.
- What degree of automation do you have in place? To what degree does your company have automated solutions to handle sign-on issues? The more you rely on manual effort, the higher the probability of errors.
- What tools and software do you have in place? There is a big difference between relying on spreadsheets to track access issues (it is more common than you might be thinking, even at banks) and robust tools. If you have an SSO software tool in place, look at it closely. Does it integrate with all of your tools?
- What processes support access governance? Assess whether you have high-quality procedures and checklists to support access governance. Are your records complete and available for auditors to review? If an auditor does not see evidence of effective governance, you are likely to have a finding on your hands.
- How have you trained your people on access governance? There are multiple groups to consider. First, does your help desk have the right tools and training? Second, look at your managers and the burden they face in managing access. Finally, examine your end users to see how much of their work time is lost due to requesting and controlling access.
- Do you need a third party assessment for access governance? Some companies invest in external assessments to detect gaps in their access controls. If you have done such an evaluation, implementing SSO software is usually a good way to improve your controls.
Once you add up your access governance findings, you will probably find that managers and IT are struggling to keep up. Investing in an SSO software solution is one of the best ways to ease the burden.
Are You Ready to Pursue SSO Software?
To answer “Is SSO software worth it for my company?” you will need to consider the three areas laid out in this article. Your overall company strategy is the foundation. If you are expanding quickly, operate in a regulated industry, or have audit problems, SSO software is worth it. Regarding IT strategy, look at the time, tools, and processes you have internally to manage security effectively. If there are inconsistencies, implementing SSO software is worthwhile.